glibc: security bump to latest 2.27 branch
Fixed issues are listed in the 2.27 branch NEWS file: CVE-2017-18269: An SSE2-based memmove implementation for the i386 architecture could corrupt memory. Reported by Max Horn. CVE-2018-11236: Very long pathname arguments to realpath function could result in an integer overflow and buffer overflow. Reported by Alexey Izbyshev. CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi architecture could write beyond the target buffer, resulting in a buffer overflow. Reported by Andreas Schwab. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
bea6b866ef
commit
488052edff
@ -1,5 +1,5 @@
|
||||
# Locally calculated (fetched from Github)
|
||||
sha256 a74489d14f4017bee6a6c6fe76f1de0dbf7d66c8695116de5aadd141c4757892 glibc-glibc-2.27.tar.gz
|
||||
sha256 33189b3f10c88730a1f686fac794bc01f31765f12ffd75bc5e8a0f2a690d217a glibc-glibc-2.27-57-g6c99e37f6fb640a50a3113b2dbee5d5389843c1e.tar.gz
|
||||
# Locally calculated (fetched from Github)
|
||||
sha256 ddc63360393ab88ab6a4a0c81d33481f34c5a9ebd758eec2e6bb35385058b4cb glibc-arc-2018.03-rc2.tar.gz
|
||||
|
||||
|
@ -10,7 +10,7 @@ GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VE
|
||||
else
|
||||
# Generate version string using:
|
||||
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
|
||||
GLIBC_VERSION = glibc-2.27
|
||||
GLIBC_VERSION = glibc-2.27-57-g6c99e37f6fb640a50a3113b2dbee5d5389843c1e
|
||||
# Upstream doesn't officially provide an https download link.
|
||||
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
|
||||
# sometimes the connection times out. So use an unofficial github mirror.
|
||||
|
Loading…
Reference in New Issue
Block a user